CVE-2025-5150

Опубликовано: 25 мая 2025

Источник: nvd

CVSS3: 6.3

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

A vulnerability was found in docarray up to 0.40.1. It has been rated as critical. Affected by this issue is the function getitem of the file /docarray/data/torch_dataset.py of the component Web API. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Ссылки

https://gist.github.com/superboy-zjc/56502343bcb12eb653081b426debf2c8
Exploit
Mitigation
https://vuldb.com/?ctiid.310238
Permissions Required
VDB Entry
https://vuldb.com/?id.310238
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.574696
Third Party Advisory
VDB Entry
https://gist.github.com/superboy-zjc/56502343bcb12eb653081b426debf2c8
Exploit
Mitigation

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:linuxfoundation:docarray:*:*:*:*:*:*:*:*

Версия до 0.40.1 (включая)

EPSS

Процентиль: 27%

0.00096

Низкий

6.3 Medium

CVSS3

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-94

CWE-1321

Связанные уязвимости

CVE-2025-5150

CVSS3: 6.3

debian

9 месяцев назад

A vulnerability was found in docarray up to 0.40.1. It has been rated ...

GHSA-j9wp-865g-rf48

CVSS3: 6.3

github

9 месяцев назад

docarray prototype pollution

EPSS

Процентиль: 27%

0.00096

Низкий

6.3 Medium

CVSS3

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-94

CWE-1321